From 743da03b5fe32dc37127a72d96464fa740c5bba6 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 22 Feb 2024 22:46:54 +0100
Subject: Retire some CVEs

---
 retired/CVE-2023-52446 | 13 +++++++++++++
 retired/CVE-2024-26592 | 12 ++++++++++++
 2 files changed, 25 insertions(+)
 create mode 100644 retired/CVE-2023-52446
 create mode 100644 retired/CVE-2024-26592

(limited to 'retired')

diff --git a/retired/CVE-2023-52446 b/retired/CVE-2023-52446
new file mode 100644
index 00000000..63062aed
--- /dev/null
+++ b/retired/CVE-2023-52446
@@ -0,0 +1,13 @@
+Description: bpf: Fix a race condition between btf_put() and map_free()
+References:
+Notes:
+ carnil> Commit fixes 958cf2e273f0 ("bpf: Introduce bpf_obj_new") in 6.2-rc1.
+Bugs:
+upstream: released (6.8-rc1) [59e5791f59dd83e8aa72a4e74217eabb6e8cfd90]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26592 b/retired/CVE-2024-26592
new file mode 100644
index 00000000..9711fc25
--- /dev/null
+++ b/retired/CVE-2024-26592
@@ -0,0 +1,12 @@
+Description: ksmbd: fix UAF issue in ksmbd_tcp_new_connection()
+References:
+Notes:
+Bugs:
+upstream: released (6.8-rc1) [38d20c62903d669693a1869aa68c4dd5674e2544]
+6.1-upstream-stable: released (6.1.75) [380965e48e9c32ee4263c023e1d830ea7e462ed1]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3